Deck 6: Risk Management: Identifying and Assessing Risk
1
The secretarial community often takes on the leadership role in addressing risk. ____________
False - InfoSec, infosec, Information Security, information security
2
The identification and assessment of levels of risk in an organization describes which of the following?
A) Risk analysis
B) Risk identification
C) Risk management
D) Risk reduction
A
3
The recognition, enumeration, and documentation of risks to an organization's information assets is known as risk control. ____________
False - identification
4
An evaluation of the threats to information assets, including a determination of their potential to endanger the organization, is known as exploit assessment. ____________
5
The Australian and New Zealand Risk Management Standard 4360 uses qualitative methods to determine risk based on a threat's probability of occurrence and expected results of a successful attack.
6
Two of the activities involved in risk management include identifying risks and assessing risks. Which of the following activities is part of the risk assessment process?
A) Creating an inventory of information assets
B) Classifying and organizing information assets into meaningful groups
C) Assigning a value to each information asset
D) Calculating the severity of risks to which assets are exposed in their current setting
7
Some threats can manifest in multiple ways, yielding multiple exploits for an asset-threat pair. ____________
8
A formal access control methodology used to assign a level of confidentiality to an information asset and thus restrict the number of people who can access it is known as a data categorization scheme. ____________
9
An approach to combining risk identification, risk assessment, and risk appetite into a single strategy is known as risk protection. ___________
10
Each manager in the organization should focus on reducing risk. This is often done within the context of one of the three communities of interest, which includes all but which of the following?
A) General management must structure the IT and InfoSec functions
B) IT management must serve the IT needs of the broader organization
C) Legal management must develop corporate-wide standards
D) InfoSec management must lead the way with skill, professionalism, and flexibility
11
The probability that a specific vulnerability within an organization will be the target of an attack is known as risk. ____________
12
Some threats can manifest in multiple ways, yielding multiple vulnerabilities for an asset-threat pair.
13
The InfoSec community often takes on the leadership role in addressing risk.
14
MAC addresses are considered a reliable identifier for devices with network interfaces, since they are essentially foolproof.
15
An asset valuation approach that uses categorical or nonnumeric values rather than absolute numerical measures is known as numberless assessment. ____________
16
The information technology management community of interest often takes on the leadership role in addressing risk. ____________
17
Which of the following is a network device attribute that may be used in conjunction with DHCP, making asset identification using this attribute difficult?
A) Part number
B) Serial number
C) MAC address
D) IP address
18
Two of the activities involved in risk management include identifying risks and assessing risks. Which of the following activities is part of the risk identification process?
A) Determining the likelihood that vulnerable systems will be attacked by specific threats
B) Calculating the severity of risks to which assets are exposed in their current setting
C) Assigning a value to each information asset
D) Documenting and reporting the findings of risk identification and assessment
19
Having an established risk management program means that an organization's assets are completely protected.
20
A prioritized list of assets and threats can be combined with exploit information into a specialized report known as a TVA worksheet. ____________
21
Once an information asset is identified, categorized, and classified, what must also be assigned to it?
A) Asset tag
B) Relative value
C) Location ID
D) Threat risk
22
What should the prioritized list of assets and their vulnerabilities and the prioritized list of threats facing the organization be combined to create?
A) Risk exposure report
B) Threats-vulnerabilities-assets worksheet
C) Costs-risks-prevention database
D) Threat assessment catalog
23
Determining the cost of recovery from an attack is one calculation that must be made to identify risk. What is another?
A) Cost of prevention
B) Cost of litigation
C) Cost of detection
D) Cost of identification
24
Which of the following is NOT among the typical columns in the ranked vulnerability risk worksheet?
A) Uncertainty percentage
B) Asset impact
C) Risk-rating factor
D) Vulnerability likelihood
25
Data classification schemes should categorize information assets based on which of the following?
A) Value and uniqueness
B) Sensitivity and security needs
C) Cost and replacement value
D) Ease of reproduction and fragility
26
What should you be armed with to adequately assess potential weaknesses in each information asset?
A) Properly classified inventory
B) Audited accounting spreadsheet
C) Intellectual property assessment
D) List of known threats
27
Which of the following distinctly identifies an asset and can be vital in later analysis of threats directed to specific models of certain devices or software components?
A) Name
B) MAC address
C) Serial number
D) Manufacturer's model or part number
28
Which of the following is an attribute of a network device that is physically tied to the network interface?
A) Serial number
B) MAC address
C) IP address
D) Model number
29
As each information asset is identified, categorized, and classified, a ________ value must also be assigned to it.
30
Assessing risks includes determining the ____________________ that vulnerable systems will be attacked by specific threats.
31
Classification categories must be mutually exclusive and which of the following?
A) Repeatable
B) Unique
C) Comprehensive
D) Selective
32
Risk ____________ is the process of discovering and assessing the risks to an organization's operations and determining how those risks can be mitigated.
33
As part of the risk identification process, listing the assets in order of importance can be achieved by using a weighted ____________________ worksheet.
34
What is defined as specific avenues that threat agents can exploit to attack an information asset?
A) Liabilities
B) Defenses
C) Vulnerabilities
D) Weaknesses
35
What is the final step in the risk identification process?
A) Assessing values for information assets
B) Classifying and categorizing assets
C) Identifying and inventorying assets
D) Listing assets in order of importance
36
An estimate made by the manager using good judgement and experience can account for which factor of risk assessment?
A) Risk determination
B) Assessing potential loss
C) Likelihood and consequences
D) Uncertainty
37
Which of the following attributes does NOT apply to software information assets?
A) Serial number
B) Controlling entity
C) Manufacturer name
D) Product dimensions
38
Which of the following is an example of a technological obsolescence threat?
A) Hardware equipment failure
B) Unauthorized access
C) Outdated servers
D) Malware
39
The likelihood of the occurrence of a vulnerability multiplied by the value of the information asset minus the percentage of risk mitigated by current controls plus the uncertainty of current knowledge of the vulnerability are each examples of _____.
A) Vulnerability mitigation controls
B) Risk assessment estimate factors
C) Exploit likelihood equation
D) Attack analysis calculation
40
Classification categories must be ____________________ and mutually exclusive.
41
a. risk management
b. risk analysis
c. classification categories
d. risk identification
e. field change order
f. threat assessment
g. risk appetite
h. qualitative assessment
i. residual risk
j. ranked vulnerability risk worksheet
An evaluation of the dangers to information assets, including a determination of their potential to endanger the organization.
42
How should the initial inventory be used when classifying and categorizing assets?
43
Briefly describe any three standard categories of information asset and their respective risk management components.
44
For the purposes of relative risk assessment, how is risk calculated?
45
What strategic role do the InfoSec and IT communities play in risk management? Explain.
46
What are the included tasks in the identification of risks?
47
Discuss the trends in frequency of attacks and how that plays into a risk management strategy.
48
a. risk management
b. risk analysis
c. classification categories
d. risk identification
e. field change order
f. threat assessment
g. risk appetite
h. qualitative assessment
i. residual risk
j. ranked vulnerability risk worksheet
The quantity and nature of risk that organizations are willing to accept.
49
Why is threat identification so important in the process of risk management?
50
Describe the use of an IP address when deciding which attributes to track for each information asset.
51
a. risk management
b. risk analysis
c. classification categories
d. risk identification
e. field change order
f. threat assessment
g. risk appetite
h. qualitative assessment
i. residual risk
j. ranked vulnerability risk worksheet
An asset valuation approach that uses categorical or nonnumeric values rather than absolute numerical measures.
52
a. risk management
b. risk analysis
c. classification categories
d. risk identification
e. field change order
f. threat assessment
g. risk appetite
h. qualitative assessment
i. residual risk
j. ranked vulnerability risk worksheet
Occurs when a manufacturer performs an upgrade to a hardware component at the customer's premises.
53
a. risk management
b. risk analysis
c. classification categories
d. risk identification
e. field change order
f. threat assessment
g. risk appetite
h. qualitative assessment
i. residual risk
j. ranked vulnerability risk worksheet
Remains even after current control has been applied.
54
a. risk management
b. risk analysis
c. classification categories
d. risk identification
e. field change order
f. threat assessment
g. risk appetite
h. qualitative assessment
i. residual risk
j. ranked vulnerability risk worksheet
Assigns a risk-rating ranked value to each uncontrolled asset-vulnerability pair.
55
a. risk management
b. risk analysis
c. classification categories
d. risk identification
e. field change order
f. threat assessment
g. risk appetite
h. qualitative assessment
i. residual risk
j. ranked vulnerability risk worksheet
An approach to combining risk identification, risk assessment, and risk appetite into a single strategy.
56
What does it mean to 'know the enemy' with respect to risk management?
57
a. risk management
b. risk analysis
c. classification categories
d. risk identification
e. field change order
f. threat assessment
g. risk appetite
h. qualitative assessment
i. residual risk
j. ranked vulnerability risk worksheet
The process of identifying risk, assessing its relative magnitude, and taking steps to reduce it to an acceptable level.
58
a. risk management
b. risk analysis
c. classification categories
d. risk identification
e. field change order
f. threat assessment
g. risk appetite
h. qualitative assessment
i. residual risk
j. ranked vulnerability risk worksheet
The recognition, enumeration, and documentation of risks to an organization's information assets.
59
List the stages in the risk identification process in order of occurrence.
60
a. risk management
b. risk analysis
c. classification categories
d. risk identification
e. field change order
f. threat assessment
g. risk appetite
h. qualitative assessment
i. residual risk
j. ranked vulnerability risk worksheet
Labels that must be comprehensive and mutually exclusive.